Yesterday morning, Microsoft released, along with its most recent biannual transparency reports, a 2014 National Security Letter (NSL) from the FBI which sought “data belonging to a customer of our consumer services,” according to the company’s press release on the matter. The press release also states that Microsoft is “the latest in a series of companies able to disclose an NSL due to provisions in the USA Freedom Act requiring the FBI to review previously issued non-disclosure orders.”

That list of companies has grown increasingly long. Twitter released two NSLs earlier this year, one from 2015 and one from 2016. Other companies that have released their letters are Yahoo (three), Cloudflare (one), CREDO (two) and Google (eight). Yahoo was the first to release its NSLs.

The companies have all cited the USA FREEDOM Act of 2015 as the legal justification for the documents’ release. Under Section 502(f) of the Act, the Attorney General is required to “adopt procedures with respect to nondisclosure requirements,” to require “review at appropriate intervals of such a nondisclosure requirement to assess whether the facts supporting nondisclosure continue to exist,” and to require the “termination of the nondisclosure agreement if the facts no longer support nondisclosure.”

The Department of Justice drafted its “Termination Procedures for National Security Letter Nondisclosure Requirement,” in response. The procedures provide that the nondisclosure requirement pertaining to a National Security Letter closes either “upon the closing of any investigation in which an NSL containing a nondisclosure provision was issued,” or “on the third-year anniversary of the initiation of the full investigation.” The FBI can extend the nondisclosure requirement beyond three years only if either a Special Agent-in-charge or a Deputy Assistant Director certifies in writing that “one of the statutory standards for nondisclosure is satisfied.”

Section 502(b)(2)(c)(1)(B)(i)-(iv) of the USA FREEDOM Act list four of these standards. Disclosure is prohibited if it would result in:

a danger to the national security of the United States;

interference with a criminal, counterterrorism, or counterintelligence investigation;

interference with diplomatic relations; or

danger to the life or physical safety of any person.

If one of these standards is not met, then the nondisclosure requirement is automatically terminated.

Even so, Twitter is in the middle of ongoing litigation with the FBI over the release of NSLs. Twitter filed suit against the FBI in 2014 over the constitutionality of these nondisclosure requirements, claiming that the requirements act as a prior restraint of free speech prohibited under the First Amendment. The case is currently before Judge Yvonne Gonzalez Rogers of the U.S. District Court for the Northern District of California.

Jordan A. Brunner is a third-year law student at the Sandra Day O’Connor College of Law at Arizona State University, and was a national security intern at the Brookings Institution. Prior to law school, he was a Research Fellow with the New America Foundation/ASU Center for the Future of War, where he researched cybersecurity, cyber war, and cyber conflict alongside Shane Harris, author of @War: The Rise of the Military-Internet Complex. He graduated summa cum laude from Arizona State University with a B.S. in Political Science.